SUBJECT: CVE-2022-0028 Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability
TECH STACK: All versions of PAN-OS.
DATE(S) ISSUED: 08/10/2022
CRITICALITY: HIGH
OVERVIEW:
CVE-2022-0028 is a vulnerability that affects the PAN-OS software used in some Palo Alto Networks firewalls. It is a type of vulnerability known as a reflected amplification denial-of-service (DoS) vulnerability. This means that an attacker can send a small request to a vulnerable system, which the system will then amplify and send back to the attacker in a much larger form. The attacker can then use this amplified response to flood the system with traffic, causing it to become unavailable to legitimate users.
To exploit this vulnerability, an attacker would need to send a specially crafted request to a vulnerable system. The request would contain a large number of characters that the system would then amplify and return to the attacker. The attacker could then use this amplified response to flood the system with traffic, causing it to become unavailable to legitimate users.
It is important to note that this vulnerability does not allow an attacker to gain access to sensitive information or compromise the security of the system in any other way. It is a denial-of-service vulnerability, meaning that it can be used to make the system unavailable to legitimate users, but it cannot be used to gain unauthorized access to the system or to steal sensitive information.
NIST Description: A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an external facing interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator. If exploited, this issue would not impact the confidentiality, integrity, or availability of our products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack. We have taken prompt action to address this issue in our PAN-OS software. All software updates for this issue are expected to be released no later than the week of August 15, 2022. This issue does not impact Panorama M-Series or Panorama virtual appliances. This issue has been resolved for all Cloud NGFW and Prisma Access customers and no additional action is required from them.
https://nvd.nist.gov/vuln/detail/CVE-2022-0028
THREAT INTELLIGENCE:
CISA has added CVE-2022-0028 to its Known Exploited Vulnerabilities Catalog, based
on evidence that threat actors are actively exploiting the vulnerability. This vulnerability is a frequent attack vector for malicious cyber actors of all types and poses significant risk to the federal enterprise.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
CNA: Palo Alto Networks, Inc.
Base Score: 8.6 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
SOLUTION:
To address the CVE-2022-0028 vulnerability, Palo Alto Networks has released a software update that fixes the issue. This update is available for all versions of PAN-OS, and it is recommended that all users apply the update as soon as possible to protect their systems against this vulnerability.
To obtain the update, users should log in to the Palo Alto Networks support site and download the appropriate software package. The software can then be installed on the affected system to apply the patch and fix the vulnerability.
It is important to note that, as with any software update, it is always a good idea to backup your system before applying the patch, in case any issues arise. Additionally, you should follow any instructions provided by the manufacturer to ensure that the update is applied correctly and that your system remains secure.
REFERENCES: